Re: chkrootkit and linux 2.6
Right now chkrootkit gets lots of false positives regarding LKMs. There
was a pretty thorough discussion just a couple days ago so look through
the archive for the details:
So, its _probably_ a false alarm, but ....
Computing Systems Manager
LS Bld. IIT Main Campus
Chicago IL 60616
On Tue, 2 Dec 2003, Miek Gieben wrote:
> When reading again about the (Debian) breakin, it said you should run chkrootkit
> to see if you have a rootkit installed. Well I did. But now it is complaining
> about a LKM rootkit. But i'm running a 2.6 kernel, is this still valid then?
> I've checked the md5sums of some commands (ps, kill, ...) and they are equal
> to the ones I just downloaded from a debian archive.
> I'm not subscribe to the list - so please cc me,
> Serenity now!
> -- Frank Costanza (Seinfeld)
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org